Hi folks
Anyone have a solution for this one? Drupal 4.6.5
My site is getting hammered by spammers and I'm struggling to keep it going - particularly on a shared server.
As near as I can tell a regular anonymous visitor generates a single row in the sessions table.
I've been regularly deleting sessions where uid=0 but referrer and comment spammers are choking my sessions table with anonymous sessions. In an eight hour period I suddenly gained 14,700 rows in sessions table. In a half hour period towards the end of this before the db choked with too many connections, I had 500+ attempts to post comment spam.
Bad behaviour and spam are blocking almost all of the comment spam from publication, but the site is choking in the meantime.
I've tried session_limit module, but the spammers are spoofing random ips and ignoring the sessions, so it doesn't seem to have any effect.
Any suggestions welcomed.
Cheers Grant
-- * http://www.theatre.asn.au/ Connect with your local theatre online
On Wed, 29 Mar 2006 21:36:22 +0800 "Grant Malcolm" grant.malcolm@gmail.com wrote:
Hi folks
Anyone have a solution for this one? Drupal 4.6.5
My site is getting hammered by spammers and I'm struggling to keep it going - particularly on a shared server.
As near as I can tell a regular anonymous visitor generates a single row in the sessions table.
I was suffering from massive spam comment attacks on KernelTrap.org which were choking the database. I finally solved this by introducing form tokens on comments. I've created a patch for Drupal 4.6.6, attached (untested).
Cheers, -Jeremy
I've been regularly deleting sessions where uid=0 but referrer and comment spammers are choking my sessions table with anonymous sessions. In an eight hour period I suddenly gained 14,700 rows in sessions table. In a half hour period towards the end of this before the db choked with too many connections, I had 500+ attempts to post comment spam.
Bad behaviour and spam are blocking almost all of the comment spam from publication, but the site is choking in the meantime.
I've tried session_limit module, but the spammers are spoofing random ips and ignoring the sessions, so it doesn't seem to have any effect.
Any suggestions welcomed.
Cheers Grant
--
http://www.theatre.asn.au/ Connect with your local theatre online
solved this by introducing form tokens on comments. I've created a patch for Drupal 4.6.6, attached (untested).
I don't think this is happening anymore in 4.7 - I could be wrong, but there was a bunch of talk about how the tokens were failing with cached pages (the same token being set on a cached comment form, and then failing the validation checks when it came time to Preview/Subnit).
On Wed, 29 Mar 2006 11:21:27 -0500 Morbus Iff morbus@disobey.com wrote:
solved this by introducing form tokens on comments. I've created a patch for Drupal 4.6.6, attached (untested).
I don't think this is happening anymore in 4.7 - I could be wrong, but there was a bunch of talk about how the tokens were failing with cached pages (the same token being set on a cached comment form, and then failing the validation checks when it came time to Preview/Subnit).
Fortunately that bug was fixed: http://drupal.org/node/51303
Cheers, -Jeremy